Enterprise Encryption Is Cracking Under Pressure. Quantum Just Speeds Things Up

Quantum computing is often framed as a looming cybersecurity apocalypse. But for many enterprises, cryptographic systems are already buckling long before quantum machines arrive.

A new global survey from Entrust of more than 4,000 senior IT and security leaders shows that the foundations of enterprise encryption are under growing strain, driven by shrinking certificate lifespans, exploding volumes of keys and secrets, fragmented ownership across hybrid environments, and a lack of visibility into cryptographic assets. Quantum computing is not creating these problems. It is accelerating their consequences. Three quarters of respondents believe quantum computers will be capable of breaking today’s public key cryptography within the next decade, and more than half expect it within five years. Yet fewer than 40 percent say their organizations are actively preparing for that shift. Even fewer have the crypto-agility needed to transition encryption algorithms without disrupting critical systems.

That gap is dangerous because the quantum threat collides with operational realities already in motion. Certificate lifetimes are collapsing toward near-monthly renewal cycles. Long-lived data such as health records and trade secrets remains vulnerable to “harvest now, decrypt later” attacks. And most organizations still lack a complete inventory of where cryptography lives inside their infrastructure.

Only about 40 percent of respondents say they have full visibility into their certificates, keys, and secrets. Without that visibility, post-quantum migration is not a roadmap. It is guesswork.

The consequences are not abstract. Half of surveyed leaders believe a successful quantum attack would seriously damage their organization or industry. The most feared outcomes include permanent loss of access to encrypted critical infrastructure and exposure of sensitive data meant to remain confidential for decades.

Regional differences underscore the stakes. European organizations, particularly in the DACH region, now report higher levels of post-quantum preparedness than U.S. counterparts, likely driven by stricter privacy laws and clearer regulatory pressure. U.S. readiness, by contrast, has declined year over year, even as federal agencies warn that migration timelines are tightening.

What emerges from the data is a blunt conclusion: quantum readiness is not primarily a future problem. It is a present-day reckoning with cryptographic sprawl, technical debt, and years of invisible encryption decisions.

By the time quantum attacks become practical, the hardest challenge for many organizations may not be adopting new algorithms. It may be figuring out what they are already using and where it is quietly holding everything together.